src/hb-ot-layout-gsubgpos-private.hh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
New commits: commit e5930722d485207ca158612a2b08816337fed7e8 Author: Behdad Esfahbod <[email protected]> Date: Tue Nov 14 15:47:55 2017 -0800 Fix invalid buffer access in OOM times Hopefully fully fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1856 diff --git a/src/hb-ot-layout-gsubgpos-private.hh b/src/hb-ot-layout-gsubgpos-private.hh index b0cffa3a..dcaa2617 100644 --- a/src/hb-ot-layout-gsubgpos-private.hh +++ b/src/hb-ot-layout-gsubgpos-private.hh @@ -1002,7 +1002,8 @@ static inline bool apply_lookup (hb_apply_context_t *c, if (idx == 0 && lookupRecord[i].lookupListIndex == c->lookup_index) continue; - buffer->move_to (match_positions[idx]); + if (unlikely (!buffer->move_to (match_positions[idx]))) + break; unsigned int orig_len = buffer->backtrack_len () + buffer->lookahead_len (); if (!c->recurse (lookupRecord[i].lookupListIndex)) _______________________________________________ HarfBuzz mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/harfbuzz
